General

  • Target

    74d0c3a3f78914279b4e586f9861de1804606a03504e35efce55fd750306d780

  • Size

    126KB

  • Sample

    240422-3p2bjahg52

  • MD5

    68cea470193a5539d187089af7e26ba1

  • SHA1

    4b07fa764a5ee2ba0bdaddc8d5f2edc607c22633

  • SHA256

    74d0c3a3f78914279b4e586f9861de1804606a03504e35efce55fd750306d780

  • SHA512

    103b5c0da52d950178e73b8202e903b6153d5571847aa2784bee605bca979b6e86349d07a3553d3be7a69557b1ae0ac1bfe60a6870a1e080ba7254adaf5cf83a

  • SSDEEP

    3072:RVBl+VFbe1N9JJuusBBlMPmuf6znw9rzy0SwXn:Rhm4N9JJzqyyLXty

Score
10/10

Malware Config

Targets

    • Target

      74d0c3a3f78914279b4e586f9861de1804606a03504e35efce55fd750306d780

    • Size

      126KB

    • MD5

      68cea470193a5539d187089af7e26ba1

    • SHA1

      4b07fa764a5ee2ba0bdaddc8d5f2edc607c22633

    • SHA256

      74d0c3a3f78914279b4e586f9861de1804606a03504e35efce55fd750306d780

    • SHA512

      103b5c0da52d950178e73b8202e903b6153d5571847aa2784bee605bca979b6e86349d07a3553d3be7a69557b1ae0ac1bfe60a6870a1e080ba7254adaf5cf83a

    • SSDEEP

      3072:RVBl+VFbe1N9JJuusBBlMPmuf6znw9rzy0SwXn:Rhm4N9JJzqyyLXty

    Score
    10/10
    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Detects executables embedding registry key / value combination manipulating RDP / Terminal Services

    • Drops file in System32 directory

MITRE ATT&CK Matrix

Tasks